<!doctype html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<title></title>
	<link rel="stylesheet" type="text/css" href="http://paranoid.net.cn/semantic.css" >
</head>
<body>
<section-title-en>2.13 Platform Initialization (Booting)</section-title-en>
<section-title-ch>2.13 平台初始化(启动)</section-title-ch>
<p-en>
	When a computer is powered up, it undergoes a bootstrapping process, also called booting, for simplicity. The boot process is a sequence of steps that collectively initialize all the computer's hardware components and load the system software into DRAM. An analysis of a system's security properties must be aware of all the pieces of software executed during the boot process, and must account for the trust relationships that are created when a software module loads another module.
</p-en>
<p-ch>
	当计算机开机时，会经历一个启动过程，为了简单起见，也叫开机。引导过程是一连串的步骤，这些步骤共同初始化计算机的所有硬件组件，并将系统软件加载到DRAM中。对系统安全属性的分析，必须意识到在启动过程中执行的所有软件，必须考虑到一个软件模块加载另一个模块时产生的信任关系。
</p-ch>
<p-en>
	This section outlines the details of the boot process needed to reason about the security of a system based on the Intel architecture. [92] provides a good reference for many of the booting process's low-level details. While some specifics of the boot process depend on the motherboard and components in a computer, this section focuses on the high-level flow described by Intel's documentation.
</p-en>
<p-ch>
	本节概述了推理基于英特尔架构的系统的安全性所需的启动过程的细节。92]为许多启动过程的低级细节提供了很好的参考。虽然启动过程的一些细节取决于主板和计算机中的组件，但本节重点介绍英特尔文档中描述的高层次流程。
</p-ch>
<subsection-title-en>2.13.1 The UEFI Standard</subsection-title-en>
<subsection-title-ch>2.13.1 UEFI标准</subsection-title-ch>
<p-en>
	The firmware in recent computers with Intel processors implements the Platform Initialization (PI) process in the Unified Extensible Firmware Interface (UEFI) specification [180]. The platform initialization follows the steps shown in Figure 30 and described below.
</p-en>
<p-ch>
	最近采用Intel处理器的计算机中的固件实现了统一可扩展固件接口（UEFI）规范中的平台初始化（PI）过程[180]。平台初始化按照图30所示的步骤进行，并在下面进行描述。
</p-ch>
<img src="fig.30.jpg" width="" height="" alt="" />
<p-en>
	Figure 30: The phases of the Platform Initialization process in the UEFI specification.
</p-en>
<p-ch>
	图30.UEFI规范中的平台初始化过程阶段。UEFI规范中平台初始化过程的各个阶段。
</p-ch>
<p-en>
	The computer powers up, reboots, or resumes from sleep in the Security phase (SEC). The SEC implementation is responsible for establishing a temporary memory store and loading the next stage of the firmware into it. As the first piece of software that executes on the computer, the SEC implementation is the system's root of trust, and performs the first steps towards establishing the system's desired security properties.
</p-en>
<p-ch>
	计算机在安全阶段（SEC）开机、重启或从睡眠状态恢复。SEC实现负责建立一个临时的内存存储，并将下一阶段的固件加载到其中。作为计算机上执行的第一个软件，SEC实现是系统的信任根，并执行建立系统所需安全属性的第一步。
</p-ch>
<p-en>
	For example, in a measured boot system (also known as trusted boot), all the software involved in the boot process is measured (cryptographically hashed, and the measurement is made available to third parties, as described in §3.3). In such a system, the SEC implementation takes the first steps in establishing the system's measurement, namely resetting the special register that stores the measurement result, measuring the PEI implementation, and storing the measurement in the special register.
</p-en>
<p-ch>
	例如，在被测量的引导系统中(也称为可信引导)，所有参与引导过程的软件都被测量(加密哈希，测量结果提供给第三方，如§3.3所述)。在这样的系统中，SEC的实现采取了建立系统测量的第一步，即重置存储测量结果的特殊寄存器，测量PEI的实现，并将测量结果存储在特殊寄存器中。
</p-ch>
<p-en>
	SEC is followed by the Pre-EFI Initialization phase (PEI), which initializes the computer's DRAM, copies itself from the temporary memory store into DRAM, and tears down the temporary storage. When the computer is powering up or rebooting, the PEI implementation is also responsible for initializing all the non-volatile storage units that contain UEFI firmware and loading the next stage of the firmware into DRAM.
</p-en>
<p-ch>
	SEC之后是预EFI初始化阶段(PEI)，它初始化计算机的DRAM，将自己从临时存储器存储区拷贝到DRAM中，并将临时存储区拆掉。当计算机开机或重启时，PEI实现还负责初始化所有包含UEFI固件的非易失性存储单元，并将下一阶段的固件加载到DRAM中。
</p-ch>
<p-en>
	PEI hands off control to the Driver eXecution Environment phase (DXE). In DXE, a loader locates and starts firmware drivers for the various components in the computer. DXE is followed by a Boot Device Selection (BDS) phase, which is followed by a Transient System Load (TSL) phase, where an EFI application loads the operating system selected in the BDS phase. Last, the OS loader passes control to the operating system's kernel, entering the Run Time (RT) phase.
</p-en>
<p-ch>
	PEI将控制权交给了驱动程序执行环境阶段（DXE）。在DXE中，加载器为计算机中的各种组件定位并启动固件驱动程序。DXE之后是启动设备选择(BDS)阶段，随后是瞬态系统加载(TSL)阶段，EFI应用程序将加载BDS阶段选择的操作系统。最后，操作系统加载器将控制权传递给操作系统的内核，进入运行时间（RT）阶段。
</p-ch>
<p-en>
	When waking up from sleep, the PEI implementation first initializes the non-volatile storage containing the system snapshot saved while entering the sleep state. The rest of the PEI implementation may use optimized re-initialization processes, based on the snapshot contents. The DXE implementation also uses the snapshot to restore the computer's state, such as the DRAM contents, and then directly executes the operating system's wake-up handler.
</p-en>
<p-ch>
	当从睡眠状态唤醒时，PEI实施例首先初始化包含进入睡眠状态时保存的系统快照的非易失性存储。PEI实现的其余部分可以根据快照内容，使用优化的重新初始化过程。DXE实现还可以利用快照恢复计算机的状态，如DRAM内容，然后直接执行操作系统的唤醒处理程序。
</p-ch>
<subsection-title-en>2.13.2 SEC on Intel Platforms</subsection-title-en>
<subsection-title-ch>2.13.2 英特尔平台上的SEC</subsection-title-ch>
<p-en>
	Right after a computer is powered up, circuitry in the power supply and on the motherboard starts establishing reference voltages on the power rails in a specific order, documented as “power sequencing” [184] in chipset specifications such as [102]. The rail powering up the Intel ME (§2.9.2) in the PCH is powered up significantly before the rail that powers the CPU cores.
</p-en>
<p-ch>
	在计算机上电后，电源和主板上的电路就开始按照特定的顺序在电源轨上建立参考电压，在芯片组规范中被记录为 "电源排序"[184]，如[102]。PCH中给Intel ME(§2.9.2)供电的轨明显先于给CPU核心供电的轨供电。
</p-ch>
<p-en>
	When the ME is powered up, it starts executing the code in its boot ROM, which sets up the SPI bus connected to the flash memory chip (§2.9.1) that stores both the UEFI firmware and the ME's firmware. The ME then loads its firmware from flash memory, which contains the ME's operating system and applications.
</p-en>
<p-ch>
	当ME上电后，它开始执行其启动ROM中的代码，它设置了连接到闪存芯片（§2.9.1）的SPI总线，该芯片存储了UEFI固件和ME的固件。然后ME从闪存中加载其固件，其中包含了ME的操作系统和应用程序。
</p-ch>
<p-en>
	After the Intel ME loads its software, it sets up some of the motherboard's hardware, such as the PCH bus clocks, and then it kicks off the CPU's bootstrap sequence. Most of the details of the ME's involvement in the computer's boot process are not publicly available, but initializing the clocks is mentioned in a few public documents [5, 7, 42, 107], and is made clear in firmware bringup guides, such as the leaked confidential guide [93] documenting firmware bringup for Intel's Series 7 chipset.
</p-en>
<p-ch>
	英特尔ME加载软件后，会对主板的一些硬件进行设置，比如PCH总线时钟，然后启动CPU的引导序列。ME参与计算机启动过程的大部分细节并没有公开，但在一些公开的文件[5，7，42，107]中提到了初始化时钟，并且在固件带入指南中也有明确的说明，比如泄露的记录英特尔7系列芯片组固件带入的机密指南[93]。
</p-ch>
<p-en>
	The beginning of the CPU's bootstrap sequence is the SEC phase, which is implemented in the processor circuitry. All the logical processors (LPs) on the motherboard undergo hardware initialization, which invalidates the caches (§2.11) and TLBs (§2.11.5), performs a BuiltIn Self Test (BIST), and sets all the registers (§2.6) to pre-specified values.
</p-en>
<p-ch>
	CPU的启动序列的开始是SEC阶段，它是在处理器电路中实现的。主板上的所有逻辑处理器(LP)都要进行硬件初始化，使缓存(§2.11)和TLB(§2.11.5)无效，执行BuiltIn自检(BIST)，并将所有寄存器(§2.6)设置为预先规定的值。
</p-ch>
<p-en>
	After hardware initialization, the LPs perform the Multi-Processor (MP) initialization algorithm, which results in one LP being selected as the bootstrap processor (BSP), and all the other LPs being classified as application processors (APs).
</p-en>
<p-ch>
	硬件初始化后，LP执行多处理器(MP)初始化算法，结果选择一个LP作为引导处理器(BSP)，其他LP都被划分为应用处理器(AP)。
</p-ch>
<p-en>
	According to the SDM, the details of the MP initialization algorithm for recent CPUs depend on the motherboard and firmware. In principle, after completing hardware initialization, all LPs attempt to issue a special no-op transaction on the QPI bus. A single LP will succeed in issuing the no-op, thanks to the QPI arbitration mechanism, and to the UBox (§2.11.3) in each CPU package, which also serves as a ring arbiter. The arbitration priority of each LP is based on its APIC ID (§2.12), which is provided by the motherboard when the system powers up. The LP that issues the no-op becomes the BSP. Upon failing to issue the no-op, the other LPs become APs, and enter the wait-for-SIPI state.
</p-en>
<p-ch>
	据SDM介绍，近期CPU的MP初始化算法细节取决于主板和固件。原则上，在完成硬件初始化后，所有LP都会尝试在QPI总线上发出一个特殊的no-op事务。单个LP会成功发出no-op，这要归功于QPI仲裁机制，以及每个CPU封装中的UBox(§2.11.3)，它也是一个环形仲裁器。每个LP的仲裁优先级是基于其APIC ID（§2.12），APIC ID在系统开机时由主板提供。发出no-op的LP成为BSP。当没有发出no-op时，其他LP就成为AP，进入等待SIPI状态。
</p-ch>
<p-en>
	Understanding the PEI firmware loading process is unnecessarily complicated by the fact that the SDM describes a legacy process consisting of having the BSP set its RIP register to 0xFFFFFFF0 (16 bytes below 4 GB), where the firmware is expected to place a instruction that jumps into the PEI implementation.
</p-en>
<p-ch>
	由于SDM描述了一个传统的过程，包括让BSP将其RIP寄存器设置为0xFFFFFFF0(4GB以下16个字节)，理解PEI固件加载过程是不必要的复杂化，固件要在这里放置一个跳转到PEI实现的指令。
</p-ch>
<p-en>
	Recent processors do not support the legacy approach at all [156]. Instead, the BSP reads a word from address 0xFFFFFFE8 (24 bytes below 4 GB) [40, 203], and expects to find the address of a Firmware Interface Table (FIT) in the memory address space (§2.4), as shown in Figure 31. The BSP is able to read firmware contents from non-volatile memory before the computer is initialized, because the initial SAD (§2.11.3) and PCH (§2.9.1) configurations maps a region in the memory address space to the SPI flash chip (§2.9.1) that stores the computer's firmware.
</p-en>
<p-ch>
	最近的处理器完全不支持传统的方法[156]。相反，BSP从地址0xFFFFFFE8（4GB以下24个字节）[40，203]中读取一个字，并期望在内存地址空间（§2.4）中找到一个固件接口表（FIT）的地址，如图31所示。在计算机初始化之前，BSP能够从非易失性存储器中读取固件内容，这是因为初始SAD(§2.11.3)和PCH(§2.9.1)配置将存储器地址空间中的一个区域映射到存储计算机固件的SPI闪存芯片(§2.9.1)。
</p-ch>
<img src="fig.31.jpg" width="" height="" alt="" />
<p-en>
	Figure 31: The Firmware Interface Table (FIT) in relation to the firmware's memory map.
</p-en>
<p-ch>
	图31.固件接口表（FIT）与固件的内存映射的关系。固件接口表(FIT)与固件内存映射的关系
</p-ch>
<p-en>
	The FIT [153] was introduced in the context of Intel's Itanium architecture, and its use in Intel's current 64- bit architecture is described in an Intel patent [40] and briefly documented in an obscure piece of TXT-related documentation [89]. The FIT contains Authenticated Code Modules (ACMs) that make up the firmware, and other platform-specific information, such as the TPM and TXT configuration [89].
</p-en>
<p-ch>
	FIT[153]是在英特尔Itanium架构的背景下推出的，它在英特尔目前64位架构中的使用在英特尔专利[40]中有所描述，并在一份不知名的TXT相关文档[89]中进行了简要记录。FIT包含组成固件的认证代码模块（ACM），以及其他平台特定信息，如TPM和TXT配置[89]。
</p-ch>
<p-en>
	The PEI implementation is stored in an ACM listed in the FIT. The processor loads the PEI ACM, verifies the trustworthiness of the ACM's public key, and ensures that the ACM's contents matches its signature. If the PEI passes the security checks, it is executed. Processors that support Intel TXT only accept Intel-signed ACMs [55, p. 92].
</p-en>
<p-ch>
	PEI的实现存储在FIT中列出的ACM中。处理器加载PEI ACM，验证ACM公钥的可信度，并确保ACM的内容与其签名相符。如果PEI通过了安全检查，它就会被执行。支持Intel TXT的处理器只接受Intel签名的ACM[55，第92页]。
</p-ch>
<subsection-title-en>2.13.3 PEI on Intel Platforms</subsection-title-en>
<subsection-title-ch>2.13.3 英特尔平台上的PEI</subsection-title-ch>
<p-en>
	[92] and [35] describe the initialization steps performed by Intel platforms during the PEI phase, from the perspective of a firmware programmer. A few steps provide useful context for reasoning about threat models involving the boot process.
</p-en>
<p-ch>
	[92]和[35]从固件程序员的角度描述了英特尔平台在PEI阶段执行的初始化步骤。有几个步骤为推理涉及引导过程的威胁模型提供了有用的背景。
</p-ch>
<p-en>
	When the BSP starts executing PEI firmware, DRAM is not yet initialized. Therefore the PEI code starts executing in a Cache-as-RAM (CAR) mode, which only relies on the BSP's internal caches, at the expense of imposing severe constraints on the size of the PEI's working set.
</p-en>
<p-ch>
	当BSP开始执行PEI固件时，DRAM尚未初始化。因此，PEI代码开始以Cache-as-RAM(CAR)模式执行，这种模式只依赖于BSP的内部缓存，代价是对PEI工作集的大小进行了严格的限制。
</p-ch>
<p-en>
	One of the first tasks performed by the PEI implementation is enabling DRAM, which requires discovering and initializing the DRAM chips connected to the motherboard, and then configuring the BSP's memory controllers (§2.11.3) and MTRRs (§2.11.4). Most firmware implementations use Intel's Memory Reference Code (MRC) for this task.
</p-en>
<p-ch>
	PEI实现首先执行的任务之一是启用DRAM，这需要发现并初始化连接到主板的DRAM芯片，然后配置BSP的内存控制器（§2.11.3）和MTRRs（§2.11.4）。大多数固件实现都使用英特尔的内存参考代码（MRC）来完成这项任务。
</p-ch>
<p-en>
	After DRAM becomes available, the PEI code is copied into DRAM and the BSP is taken out of CAR mode. The BSP's LAPIC (§2.12) is initialized and used to send a broadcast Startup Inter-Processor Interrupt (SIPI, §2.12) to wake up the APs. The interrupt vector in a SIPI indicates the memory address of the AP initialization code in the PEI implementation.
</p-en>
<p-ch>
	在DRAM变得可用后，PEI代码被复制到DRAM中，BSP被从CAR模式中取出。BSP的LAPIC(§2.12)被初始化，用于发送广播式的启动处理器间中断(SIPI，§2.12)以唤醒AP。SIPI中的中断向量表示PEI实现中AP初始化代码的内存地址。
</p-ch>
<p-en>
	The PEI code responsible for initializing APs is executed when the APs receive the SIPI wake-up. The AP PEI code sets up the AP's configuration registers, such as the MTRRs, to match the BSP's configuration. Next, each AP registers itself in a system-wide table, using a memory synchronization primitive, such as a semaphore, to avoid having two APs access the table at the same time. After the AP initialization completes, each AP is suspended again, and waits to receive an INIT Inter-Processor Interrupt from the OS kernel.
</p-en>
<p-ch>
	当AP接收到SIPI唤醒时，负责初始化AP的PEI代码被执行。AP PEI代码设置AP的配置寄存器，如MTRRs，以匹配BSP的配置。接下来，每个AP在全系统的表中注册自己，使用内存同步基元，如旗语，以避免有两个AP同时访问该表。AP初始化完成后，每个AP再次暂停，等待接收OS内核的INIT处理器间中断。
</p-ch>
<p-en>
	The BSP initialization code waits for all APs to register themselves into the system-wide table, and then proceeds to locate, load and execute the firmware module that implements DXE.
</p-en>
<p-ch>
	BSP初始化代码等待所有AP将自己注册到系统范围的表中，然后继续定位、加载和执行实现DXE的固件模块。
</p-ch>

</body>
</html>	